What is it?
Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients.
Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is usefull for systems that need to generate encryption keys, run VPN software or run a casino website. Also virtual systems that have no good sources of entropy like virtual servers (e.g. VMware, XEN and KVM (altough KVM has the virtio_rnd driver)).
Entropy Broker is an infrastructure consisting of client-daemons that fill /dev/random and server-daemons that feed the central entropy broker-server. The server-daemons can gather random values by measuring timer frequency noise, analysing noise from a unused audio-device, noise from a video source (webcam, tv-card) and random values from a real hardware RNG (random number generator).
How it works
It uses the blowfish encryption algorithm to stir the entropy data into the (4096 bits in size) pools. It has a configurable number of pools (default 14). To extract entropy data, it calculates a SHA512 hash, folds it in half and then returned as data. After that the hash is used to permutate the pool again. For each blowfish invocation, the initial vector is rotated 1 bit - it is initialized with 64 bit taken from the local system-PRNG. It uses this method to determine the number of bits of information in the data delivered by the entropy-gather-servers.
Click on picture to zoom-in:
Entropy Broker itself
EntropyBroker is written in C.
0.7: entropybroker can now also act as an EGD (entropy gathering daemon) itself, this functionality is compatible with at least OpenSSL
0.6: added support for the EGD (entropy gathering daemon) unix domain socket interface so that EntropyBroker can also retrieve entropy data from an EntropyKey
0.4: now configurable via configfiles, added lots of configurable settings, added new sanity check (serial correlation coefficient)
0.3: sever_stream now also supports serial devices, using -o the server_*cpp daemons write their output to a file instead of the eb-server, added FIPS 140-2 test
0.2: time-outs added, fixed buffer overruns
0.1: initial release
- inventgeek.com - use a radiation-source from a smoke-dector and a webcam for generating random numbers.
- fourmilab - another article about generating true random numbers using an radioactive source.
- This website: http://www.cs.berkeley.edu/~daw/rnd/ lists a whole lot of links to information on entropy-gathering on computers.
- lavarnd.org - generating random values using a lavalamp and a webcam.
- RFC 4086 - Randomness requirements for security
- Soekris engineering sells a board for aprox. $80 with a hardware RNG on it.
- ComScire has an USB solution producing upto 1Mb of random data per second.
- Orion has an RS232 solution producing 7.6Kb per second.
- hg400 USB2.0 connected hardware RNG. data-rates from 16Mb upto 32Mb.
- protego.se an RS232 and USB solution.
- qrbg - a USB connected quantum RNG. 12Mb/s
- idquantique - another quantum solution. 4 upto 16Mb
For contact info, see this page.